encoding hoare logic in typed certified code
play

Encoding Hoare Logic in Typed Certified Code Nikolaos S. Papaspyrou - PowerPoint PPT Presentation

Oct 08, 2022 •447 likes •901 views

Encoding Hoare Logic in Typed Certified Code Nikolaos S. Papaspyrou Michalis A. Papakyriakou Angelos Manousaridis National Technical University of Athens School of Electrical and Computer Engineering Software Engineering Laboratory {nickie,

  1. Encoding Hoare Logic in Typed Certified Code Nikolaos S. Papaspyrou Michalis A. Papakyriakou Angelos Manousaridis National Technical University of Athens School of Electrical and Computer Engineering Software Engineering Laboratory {nickie, mpapakyr, amanous}@softlab.ntua.gr 5th Panhellenic Logic Symposium Athens, July 25-28, 2005 N. S. Papaspyrou, M. A. Papakyriakou, A. Manousaridis Encoding Hoare Logic in Typed Certified Code

  2. Outline Motivation Hoare logic Typed certified code Can we combine the two? Our approach The type language The computation language Encoding Hoare logic Problems with Hoare Logic And their Solution Example Conclusions N. S. Papaspyrou, M. A. Papakyriakou, A. Manousaridis Encoding Hoare Logic in Typed Certified Code

  3. Hoare Logic (i) ◮ Introduced the strength of formal logic in computer programming ◮ A tool to: ◮ reason about program properties and prove correctness ◮ derive programs from their specifications C. A. R. Hoare, “An axiomatic basis for computer programming”, Communications of the ACM , vol. 12, no. 10, pp. 576–585, 1969. N. S. Papaspyrou, M. A. Papakyriakou, A. Manousaridis Encoding Hoare Logic in Typed Certified Code

  4. Hoare Logic (ii) ◮ Hoare triples represent program specifications { P } program { Q } N. S. Papaspyrou, M. A. Papakyriakou, A. Manousaridis Encoding Hoare Logic in Typed Certified Code

  5. Hoare Logic (ii) ◮ Hoare triples represent program specifications { P } program { Q } ◮ Example: greatest common divisor { n + m > 0 } a : = n ; b : = m ; while a > 0 and b > 0 do if a > b then a : = a mod b else b : = b mod a ; r : = a + b { r > 0 ∧ r \ n ∧ r \ m ∧ ( ∀ r ′ ∈ N . r ′ \ n ∧ r ′ \ m ⇒ r ′ ≤ r ) } N. S. Papaspyrou, M. A. Papakyriakou, A. Manousaridis Encoding Hoare Logic in Typed Certified Code

  6. Typed Certified Code (i) Methodology: ◮ a sound formal logic is used ◮ combined with the programming language ◮ program specifications are expressed as propositions in this logic ◮ proofs of these propositions are embedded in programs ◮ either explicitly given by the programmer ◮ or automatically constructed by the compiler N. S. Papaspyrou, M. A. Papakyriakou, A. Manousaridis Encoding Hoare Logic in Typed Certified Code

  7. Typed Certified Code (ii) Proposed solutions: ◮ Typed Intermediate Language (TIL); Harper and Morrisett, 1995 ◮ Typed Assembly Language (TAL); Morrisett, Walker, Crary and Glew, 1998 ◮ Proof-Carrying Code (PCC); Necula, 1998 ◮ Foundational Proof-Carrying Code, Appel, 2001 ◮ Shao, Saha, Trifonov and Papaspyrou, 2002, 2005 ◮ Crary and Vanderwaart, 2002 N. S. Papaspyrou, M. A. Papakyriakou, A. Manousaridis Encoding Hoare Logic in Typed Certified Code

  8. Typed Certified Code (iii) ◮ Example: greatest common divisor ◮ gcd : nat ։ nat ։ nat “A function taking two naturals and returning some natural.” N. S. Papaspyrou, M. A. Papakyriakou, A. Manousaridis Encoding Hoare Logic in Typed Certified Code

  9. Typed Certified Code (iii) ◮ Example: greatest common divisor ◮ gcd : nat ։ nat ։ nat “A function taking two naturals and returning some natural.” ◮ gcd : ∀ n : Nat . ∀ m : Nat . ∀ p ∗ : ( n + m > 0 ) . snat n ։ snat m ։ nat “One of the arguments shall not be zero.” N. S. Papaspyrou, M. A. Papakyriakou, A. Manousaridis Encoding Hoare Logic in Typed Certified Code

  10. Typed Certified Code (iii) ◮ Example: greatest common divisor ◮ gcd : nat ։ nat ։ nat “A function taking two naturals and returning some natural.” ◮ gcd : ∀ n : Nat . ∀ m : Nat . ∀ p ∗ : ( n + m > 0 ) . snat n ։ snat m ։ nat “One of the arguments shall not be zero.” ◮ Singleton type snat n A data type whose elements are representations of the single integer value n : Nat N. S. Papaspyrou, M. A. Papakyriakou, A. Manousaridis Encoding Hoare Logic in Typed Certified Code

  11. Typed Certified Code (iii) ◮ Example: greatest common divisor ◮ gcd : nat ։ nat ։ nat “A function taking two naturals and returning some natural.” ◮ gcd : ∀ n : Nat . ∀ m : Nat . ∀ p ∗ : ( n + m > 0 ) . snat n ։ snat m ։ nat “One of the arguments shall not be zero.” ◮ Singleton type snat n A data type whose elements are representations of the single integer value n : Nat ◮ (Syntactic sugar) nat ≡ ∃ r : Nat . snat r N. S. Papaspyrou, M. A. Papakyriakou, A. Manousaridis Encoding Hoare Logic in Typed Certified Code

  12. Typed Certified Code (iv) ◮ Example (continued) ◮ gcd : ∀ n : Nat . ∀ m : Nat . ∀ p ∗ : ( n + m > 0 ) . snat n ։ snat m ։ ∃ r : Nat . ∃ q ∗ : ( r > 0 ) . snat r “The result shall not be zero.” N. S. Papaspyrou, M. A. Papakyriakou, A. Manousaridis Encoding Hoare Logic in Typed Certified Code

  13. Typed Certified Code (iv) ◮ Example (continued) ◮ gcd : ∀ n : Nat . ∀ m : Nat . ∀ p ∗ : ( n + m > 0 ) . snat n ։ snat m ։ ∃ r : Nat . ∃ q ∗ : ( r > 0 ) . snat r “The result shall not be zero.” ◮ gcd : ∀ n : Nat . ∀ m : Nat . ∀ p ∗ : ( n + m > 0 ) . snat n ։ snat m ։ ∃ r : Nat . ∃ q ∗ : ( r > 0 ∧ r \ n ∧ r \ m ) . snat r “The result shall not be zero and shall divide both arguments.” N. S. Papaspyrou, M. A. Papakyriakou, A. Manousaridis Encoding Hoare Logic in Typed Certified Code

  14. Typed Certified Code (v) ◮ Example (continued) ◮ gcd : ∀ n : Nat . ∀ m : Nat . ∀ p ∗ : ( n + m > 0 ) . snat n ։ snat m ։ ∃ r : Nat . ∃ q ∗ 1 : ( r > 0 ∧ r \ n ∧ r \ m ) . 2 : ( Π r ′ : Nat . r ′ \ n ∧ r ′ \ m → r ′ ≤ r ) . ∃ q ∗ snat r “The result shall be the greatest common divisor of the two arguments.” N. S. Papaspyrou, M. A. Papakyriakou, A. Manousaridis Encoding Hoare Logic in Typed Certified Code

  15. Can we combine the two? ◮ Hoare Logic + long studied, large body of scientific knowledge + simple axioms and rules + works with variables and destructive update − does not work well with (higher-order) functions − proofs of specifications cannot be automatically verified N. S. Papaspyrou, M. A. Papakyriakou, A. Manousaridis Encoding Hoare Logic in Typed Certified Code

  16. Can we combine the two? ◮ Hoare Logic + long studied, large body of scientific knowledge + simple axioms and rules + works with variables and destructive update − does not work well with (higher-order) functions − proofs of specifications cannot be automatically verified ◮ Typed Certified Code − relatively new approach − highly complex type system − does not work well with variables and destructive update + works well with (higher-order) functions + proofs of specifications can be automatically verified N. S. Papaspyrou, M. A. Papakyriakou, A. Manousaridis Encoding Hoare Logic in Typed Certified Code

  17. Overview of the Type Language ◮ A variation of the Calculus of Inductive Constructions ◮ Incorporates higher-order predicate logic ◮ Complete grammar: A , B :: = Set | Type | Ext | X | Π X : A . B | λ X : A . B | AB Ind ( X : A ) { � A } | Constr ( n , A ) | Elim [ A ′ ]( A : B � B ) { � | A } A → B ≡ Π X new : A . B Papaspyrou, Vytiniotis and Koutavas, “Logic-Enhanced Type Systems”, PLS 4 , 2003. Shao, Trifonov, Saha and Papaspyrou, “A Type System for Certified Binaries”, ACM TOPLAS , vol. 27, no. 1, pp. 1-45, 2005. N. S. Papaspyrou, M. A. Papakyriakou, A. Manousaridis Encoding Hoare Logic in Typed Certified Code

  18. The Computation Language (i) ◮ The simple imperative language WHILE x : Var variables :: = n | b | x | ⋄ e | e ⋆ e e : Expr c : Comm :: = skip | x : = e | c ; c | if e then c else c | while e do c ⋄ : UnOp :: = − | ¬ ⋆ : BinOp :: = + | − | ∗ | div | mod | = | � = | < | > | ≤ | ≥ | and | or N. S. Papaspyrou, M. A. Papakyriakou, A. Manousaridis Encoding Hoare Logic in Typed Certified Code

  19. The Computation Language (ii) Typing ◮ Types τ : Ω :: = int | bool Γ : Env = Var → Ω ◮ Type environments Γ ⊢ e : τ ◮ Typing of expressions Γ ⊢ c ◮ Typing of commands N. S. Papaspyrou, M. A. Papakyriakou, A. Manousaridis Encoding Hoare Logic in Typed Certified Code

  20. The Computation Language (ii) Typing ◮ Types τ : Ω :: = int | bool Γ : Env = Var → Ω ◮ Type environments Γ ⊢ e : τ ◮ Typing of expressions Γ ⊢ c ◮ Typing of commands Semantics ◮ Meaning of types [ [ int ] ] = Int , [ [ bool ] ] = Bool s : Store Γ = Π x : Var . [ [ Γ x ] ◮ Stores ] ◮ Meaning of expressions [ [ e ] ] s ⇓ v ] s ⇓ s ′ ◮ Meaning of commands [ [ c ] N. S. Papaspyrou, M. A. Papakyriakou, A. Manousaridis Encoding Hoare Logic in Typed Certified Code

  21. Encoding Hoare Logic (i) P , Q , R : Pred Γ = Store Γ → Set ◮ Predicates N. S. Papaspyrou, M. A. Papakyriakou, A. Manousaridis Encoding Hoare Logic in Typed Certified Code

  22. Encoding Hoare Logic (i) P , Q , R : Pred Γ = Store Γ → Set ◮ Predicates ◮ Specification of commands { P } c { Q } Γ ⊢ c P , Q : Pred Γ ◮ { P } c { Q } is valid if for all s : Store Γ , ] s ⇓ s ′ , for some s ′ : Store Γ , if Ps and [ [ c ] then Qs ′ N. S. Papaspyrou, M. A. Papakyriakou, A. Manousaridis Encoding Hoare Logic in Typed Certified Code

Recommend

Hoare logic Lecture 4: A verifier for Hoare logic Jean Pichon-Pharabod University of Cambridge

Hoare logic Lecture 4: A verifier for Hoare logic Jean Pichon-Pharabod University of Cambridge

Hoare logic Lecture 4: A verifier for Hoare logic Jean Pichon-Pharabod University of Cambridge CST Part II 2017/18 Introduction Last time, we saw that that proofs in Hoare logic can involve large amounts of very error-prone bookkeeping

690 views • 48 slides
Hoare Logic and Model Checking Semantics of Hoare Logic Kasper Svendsen University of Cambridge

Hoare Logic and Model Checking Semantics of Hoare Logic Kasper Svendsen University of Cambridge

Hoare Logic and Model Checking Semantics of Hoare Logic Kasper Svendsen University of Cambridge CST Part II 2016/17 Acknowledgement: slides heavily based on previous versions by Mike Gordon and Alan Mycroft Semantics of Hoare Logic

663 views • 10 slides
Hoare logic Lecture 3: Formalising the semantics of Hoare logic In the previous lecture, we

Hoare logic Lecture 3: Formalising the semantics of Hoare logic In the previous lecture, we

Recap Hoare logic Lecture 3: Formalising the semantics of Hoare logic In the previous lecture, we specified and verified some example programs using the syntactic rules of Hoare logic that we introduced in the first lecture. Jean

477 views • 13 slides
Hoare Logic Hoare Logic is used to reason about the correctness of programs. In the end, it

Hoare Logic Hoare Logic is used to reason about the correctness of programs. In the end, it

Hoare Logic Hoare Logic is used to reason about the correctness of programs. In the end, it reduces a program and its specification to a set of verifications conditions. Slides by Wishnu Prasetya URL : www.cs.uu.nl/~wishnu Course URL :

1.4k views • 124 slides
Hoare logic separation logic. We looked at the concepts separation logic is based on, the new

Hoare logic separation logic. We looked at the concepts separation logic is based on, the new

Introduction In the previous lecture, we saw how reasoning about pointers in Hoare logic was problematic, which motivated introducing Hoare logic separation logic. We looked at the concepts separation logic is based on, the new assertions that

396 views • 14 slides
Hoare Logic Andreas Podelski November 8, 2011 Hoare logic introduced by Hoare in 1969

Hoare Logic Andreas Podelski November 8, 2011 Hoare logic introduced by Hoare in 1969

Hoare Logic Andreas Podelski November 8, 2011 Hoare logic introduced by Hoare in 1969 builds on first-order logic Hoare logic introduced by Hoare in 1969 builds on first-order logic correctness specification = pre- and

401 views • 37 slides
Lecture 8/9 : Separation Logic Can handle reasoning of imperative programs well. Overview

Lecture 8/9 : Separation Logic Can handle reasoning of imperative programs well. Overview

CS6202: Advanced Topics in Programming Hoare Logic Hoare Logic Languages and Systems Lecture 8/9 : Separation Logic Can handle reasoning of imperative programs well. Overview Notation : {P} code {Q} Assertion Logic {P}

557 views • 19 slides
COMP2111 Week 8 Term 1, 2020 Hoare Logic 1 Sir Tony Hoare Pioneer in formal verification

COMP2111 Week 8 Term 1, 2020 Hoare Logic 1 Sir Tony Hoare Pioneer in formal verification

COMP2111 Week 8 Term 1, 2020 Hoare Logic 1 Sir Tony Hoare Pioneer in formal verification Invented: Quicksort, the null reference (called it his billion dollar mistake) CSP (formal specification language), and Hoare Logic 2 Summary L

2k views • 158 slides
COMP2111 Week 8 Term 1, 2020 Hoare Logic 1 Sir Tony Hoare Pioneer in formal verification

COMP2111 Week 8 Term 1, 2020 Hoare Logic 1 Sir Tony Hoare Pioneer in formal verification

COMP2111 Week 8 Term 1, 2020 Hoare Logic 1 Sir Tony Hoare Pioneer in formal verification Invented: Quicksort, the null reference (called it his billion dollar mistake) CSP (formal specification language), and Hoare Logic 2 Summary L

770 views • 59 slides
Probabilistic Relational Hoare Logic Main judgments Hoare Logic c : = : hoare [ c : pre

Probabilistic Relational Hoare Logic Main judgments Hoare Logic c : = : hoare [ c : pre

Probabilistic Relational Hoare Logic Main judgments Hoare Logic c : = : hoare [ c : pre ==&gt; post] Probabilistic Hoare Logic [ c : = ] = (see Lecture 6): bd_hoare [ c : pre ==&gt; post ] = r Probabilistic Relational Hoare

377 views • 23 slides
Hoare Logic Jari Stenman February 10, 2012 Jari Stenman () Hoare Logic February 10, 2012 1 /

Hoare Logic Jari Stenman February 10, 2012 Jari Stenman () Hoare Logic February 10, 2012 1 /

Hoare Logic Jari Stenman February 10, 2012 Jari Stenman () Hoare Logic February 10, 2012 1 / 25 Outline Background 1 Axioms and Rules 2 A note on Weakest Preconditions 3 Jari Stenman () Hoare Logic February 10, 2012 2 / 25 Outline

463 views • 25 slides
Hoare Logic Part II Decorations and Hoare as Logic Thomas Churchman Radboud University Nijmegen

Hoare Logic Part II Decorations and Hoare as Logic Thomas Churchman Radboud University Nijmegen

Recap Decoration Preliminaries Radboud University Nijmegen Decorations Hoare as Logic Hoare Logic Part II Decorations and Hoare as Logic Thomas Churchman Radboud University Nijmegen Type Theory and Coq - 2016 Thomas Churchman Type Theory

289 views • 18 slides
Logic for Computer Science 15 Hoare logic Wouter Swierstra University of Utrecht 1 Last

Logic for Computer Science 15 Hoare logic Wouter Swierstra University of Utrecht 1 Last

Logic for Computer Science 15 Hoare logic Wouter Swierstra University of Utrecht 1 Last time Natural deduction 2 This lecture Semantics of computer programs A logic for reasoning about them 3 Syntax of programming language The BNF

796 views • 78 slides
locales C ONTENT I SAR I S B ASED O N C ONTEXTS Intro &amp; motivation, getting started with

locales C ONTENT I SAR I S B ASED O N C ONTEXTS Intro &amp; motivation, getting started with

L AST T IME Syntax and semantics of IMP Hoare logic rules Soundness of Hoare logic NICTA Advanced Course Verification conditions Slide 1 Theorem Proving Slide 3 Principles, Techniques, Applications Example program proofs

322 views • 8 slides
Hoare Logic for Multiprocessing (Work in progress) Daniel Pellarini joint work with Marina

Hoare Logic for Multiprocessing (Work in progress) Daniel Pellarini joint work with Marina

Varese, September 19-21 2012 Hoare Logic for Multiprocessing (Work in progress) Daniel Pellarini joint work with Marina Lenisa Universit degli studi di Udine, Italy Daniel Pellarini and Marina Lenisa Hoare Logic for Multiprocessing Hoare

507 views • 23 slides
Hoare Logic and Model Checking Model Checking Lecture 10: Computation Tree Logic (CTL) Dominic

Hoare Logic and Model Checking Model Checking Lecture 10: Computation Tree Logic (CTL) Dominic

Hoare Logic and Model Checking Model Checking Lecture 10: Computation Tree Logic (CTL) Dominic Mulligan Based on previous slides by Alan Mycroft and Mike Gordon Programming, Logic, and Semantics Group University of Cambridge Academic year

1.15k views • 48 slides
COMP2111 Week 9 Term 1, 2020 Hoare Logic 1 Summary Weakest precondition reasoning Handling

COMP2111 Week 9 Term 1, 2020 Hoare Logic 1 Summary Weakest precondition reasoning Handling

COMP2111 Week 9 Term 1, 2020 Hoare Logic 1 Summary Weakest precondition reasoning Handling termination Operational semantics Adding non-determinism Refinement calculus 2 Finding a proof Consider the following code: Pow r := 1; i := 0;

538 views • 37 slides
Hoare Logic: Proving Programs Correct 17-654/17-765 Analysis of Software Artifacts Jonathan

Hoare Logic: Proving Programs Correct 17-654/17-765 Analysis of Software Artifacts Jonathan

Hoare Logic: Proving Programs Correct 17-654/17-765 Analysis of Software Artifacts Jonathan Aldrich Reading: C.A.R. Hoare, An Axiomatic Basis for Computer Programming Some presentation ideas from a lecture by K. Rustan M. Leino Testing and

392 views • 23 slides
CIS 500 Last time, we talked about encoding objects in the typed lambda calculus with Software

CIS 500 Last time, we talked about encoding objects in the typed lambda calculus with Software

Object Encodings CIS 500 Last time, we talked about encoding objects in the typed lambda calculus with Software Foundations records, recursion, references and subtyping. We have a litte more to talk about this topic, but

486 views • 22 slides
Ex. 8.4 7-4-2-1 code Codeconverter 7-4-2-1-code to BCD-code. When encoding the digits 0 ... 9

Ex. 8.4 7-4-2-1 code Codeconverter 7-4-2-1-code to BCD-code. When encoding the digits 0 ... 9

Ex. 8.4 7-4-2-1 code Codeconverter 7-4-2-1-code to BCD-code. When encoding the digits 0 ... 9 sometimes in the past a code having weights 7-4-2-1 instead of the binary code weights 8-4-2-1 was used. In the cases where a digit's code word

830 views • 66 slides
Matching Logic An Alternative to Hoare/Floyd Logic Grigore Rosu University of Illinois at

Matching Logic An Alternative to Hoare/Floyd Logic Grigore Rosu University of Illinois at

Matching Logic An Alternative to Hoare/Floyd Logic Grigore Rosu University of Illinois at Urbana-Champaign (UIUC) Joint work with Chucky Ellison (UIUC) Wolfram Schulte (Microsoft Research) How It Started NASA project runtime verification

568 views • 28 slides
Hoare logic Lecture 5: Introduction to separation logic Jean Pichon-Pharabod University of

Hoare logic Lecture 5: Introduction to separation logic Jean Pichon-Pharabod University of

Hoare logic Lecture 5: Introduction to separation logic Jean Pichon-Pharabod University of Cambridge CST Part II 2017/18 Introduction In the previous lectures, we have considered a language, WHILE , where mutability only concerned program

734 views • 57 slides
Hoare Logic and Model Checking Model Checking Lecture 11: Model checking for Computation Tree

Hoare Logic and Model Checking Model Checking Lecture 11: Model checking for Computation Tree

Hoare Logic and Model Checking Model Checking Lecture 11: Model checking for Computation Tree Logic Dominic Mulligan Based on previous slides by Alan Mycroft and Mike Gordon Programming, Logic, and Semantics Group University of Cambridge

402 views • 25 slides
Hoare Logic Deepak DSouza, K. V. Raghavan Department of Computer Science and Automation

Hoare Logic Deepak DSouza, K. V. Raghavan Department of Computer Science and Automation

Programs as state transformers Hoare logic Weakest Preconditions Hoare Logic Deepak DSouza, K. V. Raghavan Department of Computer Science and Automation Indian Institute of Science, Bangalore. April 2012 Programs as state transformers

378 views • 26 slides

More recommend